86% of UK employees' internet usage monitored

When does company security become corporate paranoia?

Shares

According to the “early findings” of a survey led by PricewaterhouseCoopers on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR) employers in the UK are increasingly worried about what their staff are saying about them online, and are increasing their regulatory and monitoring policies as a result.

According to the figures, some 81 per cent of companies now have active firewalls in place blocking certain sites. However, the survey also finds that 86 per cent of employers regularly monitor and log their employees’ internet browsing habits.

Things get even more sinister when it comes to the issue of “educating” staff into behaving in a “security-conscious way”. The report notes that company security policies are on the rise with 68 per cent of companies admitting that they gave a high or very high priority to the creation and enforcement of such policies.

This paranoia appears to be spreading into the consultation sector as well, with the survey revealing how those companies who carry out risk assessment are nearly twice as likely to have a security policy in place as those that do not.

Now, while the average company security policy might well make a number of reasonable, necessary and practical demands of its staff and tie this in with practical instruction on how to improve one’s online security, the survey fails to note that such policies can also be used as gagging orders against disgruntled staff with legitimate grievances.

In other words, when does a company security policy cease to about the protection of sensitive company data, and be more about keeping whistleblowers quiet?

Perhaps, if all the companies who are apparently so fearful of what their employees might say about them online were a little less fearful, a bit more trusting and a whole lot more open about how they deal with the concerns of their employees, then maybe the need for increased monitoring, draconian security policies and intrusive security education wouldn’t be so necessary.